Critical severityNVD Advisory· Published Oct 4, 2021· Updated Aug 4, 2024
CVE-2021-41868
CVE-2021-41868
Description
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
onionshare-cliPyPI | >= 2.3, < 2.4 | 2.4 |
Affected products
4- OnionShare/OnionSharedescription
- ghsa-coords3 versionspkg:pypi/onionshare-clipkg:rpm/opensuse/python3-onionshare&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-onionshare&distro=openSUSE%20Tumbleweed
>= 2.3, < 2.4+ 2 more
- (no CPE)range: >= 2.3, < 2.4
- (no CPE)range: < 2.6-4.1
- (no CPE)range: < 2.4-1.1
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-7g47-xxff-9p85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41868ghsaADVISORY
- github.com/onionshare/onionshare/compare/v2.3.3...v2.4mitrex_refsource_MISC
- github.com/onionshare/onionshare/issues/1396ghsaWEB
- github.com/onionshare/onionshare/pull/1404ghsaWEB
- www.ihteam.net/advisory/onionshareghsaWEB
- www.ihteam.net/advisory/onionshare/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.